This is such a great “example of bad.” It
will be interesting to see if they structured their corporation(s) to
“break away” (into bankruptcy) as they get swamped with lawsuits.
Ashley Madison hauled to court in class action suits over data breach
… Suits filed in federal courts in California
and Texas by people using John Doe as a pseudonym claim damages,
alleging that Avid Life Media, the parent company based in Toronto,
did not have adequate and reasonable measures to secure the data of
users from being compromised, and failed to notify users in time of
the breach.
… At least five
suits seeking class-action status have been filed in Canada and
in U.S. courts in California, Texas and Missouri, according to NBC.
… The Rosen Law Firm, for example, last week
announced it had
initiated a class action lawsuit investigation regarding a
potential debit and credit card breach at Ashley Madison, and was
also looking at consumer fraud claims in connection with the
website's “Full Delete” service, which purported to eliminate
user profiles and traces on its website and database in exchange for
a fee.
(Related) You see why I want to collect all this
stuff?
Can feds be fired for adultery? The government is combing through thousands of e-mail addresses that turned up in the Ashley Madison leak
Now that the Ashley
Madison hack has outed as many as 15,000 federal employees and
active duty military, government agencies say they’re combing
through the e-mail addresses of possible adulterers to see if their
extramarital activity on work time amounts to anything punishable.
The rules of the game for morality in federal
offices may be straightforward for pornography (watching it can
definitely get you fired) — but the kind of skeleton in the closet
that showed up in the trove of 36 million users exposed on the
cheating Web site presents officials with a murkier problem, experts
say.
(Related) Probably best to do your hacking away
from the office systems. (Could AM's hackers have used the same
security hole?)
Leaked AshleyMadison Emails Suggest Execs Hacked Competitors
Hacked online cheating service AshleyMadison.com
is portraying itself as a victim of malicious cybercriminals, but
leaked emails from the company’s CEO suggest that AshleyMadison’s
top leadership hacked into a competing dating service in 2012.
… On Nov. 30, 2012, Raja Bhatia,
the founding chief technology officer of AshleyMadison.com, sent a
message to Biderman notifying his boss of a security hole discovered
in nerve.com, an American online magazine dedicated
to sexual topics, relationships and culture.
At the time, nerve.com was experimenting with its
own adult dating section, and Bhatia said he’d uncovered a way to
download and manipulate the nerve.com user database.
“They did a very lousy job building their
platform. I got their entire user base,” Bhatia told Biderman via
email, including in the message a link to a Github archive with a
sample of the database. “Also, I can turn any non paying user into
a paying user, vice versa, compose messages between users, check
unread stats, etc.”
For my IT Governance students. Makes what you are
learning even more valuable! (You're welcome)
Appeals Court Upholds FTC’s Data Security Authority
by Sabrina I. Pacifici on Aug 24, 2015
EPIC – “A
federal appeals court ruled
that the Federal Trade Commission can enforce data security
standards. In FTC
v. Wyndham, the agency sued Wyndham hotels after the company
exposed financial data of hundreds of thousands of customers. The
company argued that the FTC lacked authority to enforce security
standards, but the court disagreed. EPIC filed an amicus
brief, joined by leading technical experts and legal scholars,
defending the FTC’s “critical role in safeguarding consumer
privacy and promoting stronger security standards.”
This is not for “every day” backups. This is
for that first transfer of data or for a huge bump in your data flow.
Think of a small law firm that suddenly has to handle a few
petabytes of digital evidence. Then think who you would trust to
handle that data.
Google Expands Cloud Storage with Offline Import/Export Service
Backing up data is one of the most important parts
of running a company. The problem arises when a business has too
much data and too little time to get it all into the cloud.
To help businesses get their data under control,
Google is expanding its Cloud Storage service by allowing third
party-providers to upload data to the platform on a business's
behalf.
When the feature first launched in 2013, businesses could
only use it to back up their hard drives into
Google Cloud Storage. Now expanded into a major feature called
Offline Media Import/Export, the update lets businesses
physically mail all types of storage devices — such as hard drives,
tapes and USB flash drives — to companies that will back up their
data for them.
Not everyone can block a specific page on a
website. (Their tools lack granularity.)
Moscow lifts ban on Russian Wikipedia
Moscow on Tuesday lifted a ban on the
Russian-language
version of Wikipedia less than a day after imposing it.
Internet regulator Roskomnadzor said an article
about Charas, a form of hashish, ruled illegal by a local court in
June, had now been sufficiently edited on Russian Wikipedia to put
the online encyclopedia in compliance with the ruling.
The webpage has therefore been excluded from its
internet blacklist, it added.
Several Russian internet service providers started
blocking access to the Russian-language Wikipedia site after the
regulator added it to its registry of forbidden information on
Monday.
Internet users in some Russian regions saw a
notice from the registry instead of the Wikipedia page when trying to
access it.
Wikipedia said the outlawing of some information
triggered a blacklisting of the entire service because the website
uses the secure protocol HTTPS which prevents the filtering and
censoring of its content from the outside. [Some
ISPs had no problem blocking only the target page... Bob]
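The protocol point behind Wikipedia's explanation, as an added illustration that is not part of the article and not any ISP's filtering code: with plain HTTP the request line carries the page path in the clear, so an on-path device can match one article; with HTTPS the only name the TLS handshake exposes is the hostname in the Server Name Indication (SNI) extension, and the path travels inside the encrypted session. The script builds a constructed HTTP request and a constructed minimal TLS 1.2 ClientHello for a hostname, then shows what a passive observer can read from each; the article path is a sample value and the ClientHello is the bare minimum needed for the demonstration, not a hello a real server would accept.

```python
import struct

def build_http_request(host, path):
    """A constructed plaintext HTTP/1.1 request; the path is in the clear."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()

def build_client_hello(host):
    """A constructed minimal TLS 1.2 ClientHello whose only extension is SNI.

    Zero random, one cipher suite, no other extensions: just enough to show
    what a passive observer sees on the wire (assumption: TLS 1.2 framing).
    """
    name = host.encode("idna")
    # ServerName entry: name_type(1)=host_name(0), length(2), name
    server_name = b"\x00" + struct.pack("!H", len(name)) + name
    server_name_list = struct.pack("!H", len(server_name)) + server_name
    sni_ext = struct.pack("!HH", 0x0000, len(server_name_list)) + server_name_list
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"                # client_version: TLS 1.2
        + bytes(32)                # random (all zeros, constructed)
        + b"\x00"                  # session_id length 0
        + b"\x00\x02\xc0\x2f"      # cipher_suites: one suite (ECDHE-RSA-AES128-GCM-SHA256)
        + b"\x01\x00"              # compression_methods: null only
        + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # client_hello, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # TLS record header

def parse_sni(record):
    """Walk a ClientHello record and return the SNI host_name, or None."""
    if record[:1] != b"\x16" or record[5:6] != b"\x01":
        return None
    body = record[9:]                       # skip record (5) + handshake (4) headers
    pos = 2 + 32                            # client_version + random
    pos += 1 + body[pos]                    # session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + cs_len                       # cipher_suites
    pos += 1 + body[pos]                    # compression_methods
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        ext_type, length = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + length]
        pos += 4 + length
        if ext_type != 0x0000:              # 0 = server_name
            continue
        list_len = struct.unpack("!H", data[:2])[0]
        p = 2
        while p + 3 <= 2 + list_len:
            name_type = data[p]
            name_len = struct.unpack("!H", data[p + 1:p + 3])[0]
            name = data[p + 3:p + 3 + name_len]
            p += 3 + name_len
            if name_type == 0:
                return name.decode("idna")
    return None

def observe(packet):
    """What a passive on-path device can read: (hostname, path); path is None for TLS."""
    if packet[:1] == b"\x16":
        return parse_sni(packet), None
    request_line, _, headers = packet.partition(b"\r\n")
    parts = request_line.decode(errors="replace").split(" ")
    path = parts[1] if len(parts) > 1 else None
    host = None
    for line in headers.split(b"\r\n"):
        if line.lower().startswith(b"host:"):
            host = line.split(b":", 1)[1].strip().decode(errors="replace")
    return host, path

if __name__ == "__main__":
    print(observe(build_http_request("ru.wikipedia.org", "/wiki/Example_article")))
    print(observe(build_client_hello("ru.wikipedia.org")))
```

A rule of the form "block this one article" can be evaluated against the HTTP request but not against the ClientHello, from which only the hostname is recoverable; a passive filter is left with the all-or-nothing choice the article describes. Anything finer than that, such as the per-page blocks Bob mentions, needs visibility that the TLS handshake alone does not provide, and this example does not model it.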
Are we becoming a nation afraid of our own shadows
or is this another case of “we gotta do something!”? What is the
probability that any of these locations will experience a
terrorist-like attack? Are Movie theaters more dangerous than
driving to work?
Another reason NOT to go to the movies.
Joe Cadillic writes:
The Regal Entertainment Group – the nation’s largest movie theater chain – just added a bag and purse check policy as a so-called security measure in some of its theaters, which undoubtedly will include every theater soon!
Regal Entertainment’s website uses public safety as a reason to ILLEGALLY search everyone’s handbag, backpacks etc.
“Security issues have become a daily part of our lives in America. Regal Entertainment Group wants our customers and staff to feel comfortable and safe when visiting or working in our theatres. To ensure the safety of our guests and employees, backpacks and bags of any kind are subject to inspection prior to admission. We acknowledge that this procedure can cause some inconvenience and that it is not without flaws, but hope these are minor in comparison to increased safety.”
Jim Davis, a public safety expert who served as Homeland Security advisor to Governor John Hickenlooper promises soon EVERYONE will be TSA searched at movie theaters:
“There is no question in my mind that there are meetings going on as we speak, talking about improving security and associated liability. I think it will take time to happen… By necessity now – from a liability standpoint, movie theaters are going to have to step up.” [Really? Bob]
On July 29th, I reported how AMC and SMG movie theaters are working with DHS to establish TSA checkpoint searches at movie theaters across the country!
Don’t think TSA security searches are coming to a theater near you? Senator Tony Avella is working on legislation to introduce metal detectors at theaters, malls and sports stadiums.
Read more on MassPrivateI
This drives up the “Big Brother Index” (Yeah,
I made that up)
Police Regularly Use Stingrays Without A Warrant To Find Petty Criminals, Then Try To Hide That Fact
Mike Masnick writes:
Over the last few years, we’ve published a ton of stories about the growing police reliance on Stingray cell site simulator devices (also known as IMSI catchers), that mimic a real cell phone tower and help provide the location of a certain mobile phone. As we’ve written, these devices have been super popular with police departments, who often receive them from the federal government with strict non-disclosure agreements, which means law enforcement has been known to lie to courts or simply drop cases where the usage is at risk of coming out in court.
It seems that this story is getting more and more national attention.
For my Computer Security and Ethical Hacking
students.
Mandatory Minimum Sentencing: Federal Aggravated Identity Theft
by Sabrina I. Pacifici on Aug 24, 2015
CRS report via FAS – Mandatory
Minimum Sentencing: Federal Aggravated Identity Theft – Charles
Doyle, Senior Specialist in American Public Law. August 20, 2015.
“Aggravated identity theft is punishable by a
mandatory minimum sentence of imprisonment for two years or by
imprisonment for five years if it relates to a terrorism offense. At
least thus far, the government has rarely prosecuted the five-year
terrorism form of the offense. The
two-year offense occurs when an individual knowingly possesses, uses,
or transfers the means of identification of another person, without
lawful authority to do so, during and in relation to one of more than
60 predicate federal felony offenses (18 U.S.C. 1028A).
Section 1028A has the effect of establishing a mandatory minimum
sentence for those predicate felony offenses, when they involve
identity theft. A sentencing court has the discretion not to “stack”
or pancake multiple aggravated identity theft counts and, as with
other mandatory minimums, may impose a sentence of less than the
mandatory minimum at the request of the prosecution based on the
defendant’s substantial assistance. More
than half of the judges responding to a United States Sentencing
Commission survey felt the two-year mandatory minimum penalty was
generally appropriate. The Commission’s report on
mandatory minimum sentencing statutes is mildly complimentary of the
provision.”
Some low hanging fruit for recruiters?
Law Firms’ Grueling Hours Are Turning Defectors into Competitors
In this latest flurry of debate about working
long hours, some have intimated that overwork is inevitable in
highly
competitive industries such as law, finance, and high tech.
But that’s just not true.
We’ve all heard by now that productivity
decreases with overwork, while attrition and health care costs
increase. What you may not have heard is that businesses who
drive people relentlessly create competitors who poach top talent by
offering a more humane way to work.
A new
study from the Center for WorkLife Law reports on this phenomenon
in the legal profession. The report identifies over 50
entrepreneurial businesses that offer lawyers jobs with better
work-life balance than large law firms offer. Big Law, meet New Law.
(Related) Making life easier for those poor
suffering lawyers.
App adds features to Westlaw and Lexis – makes legal research faster and easier
by Sabrina I. Pacifici on Aug 24, 2015
Bestlaw,
a robot for legal research [via Bob Ambrogi]
“Features – When you
read a document—like a case, statute, or law review article—Bestlaw
adds a toolbar with these features:
- Copy a perfect Bluebook citation with one click
- Read documents in a clean, readable view with beautiful typography
- Prevent getting automatically signed off
- Collapse and expand statutory sections
- Automatically generate a clickable table of contents for any document
- One-click copying for citations, titles, docket numbers, and full text
- Highlight hard-to-see page numbers
- Jump between footnotes and the main text without losing your place
- Instantly look up information about a case on Wikipedia and other sources
- Share the document by email or on Facebook, Twitter, and Google+…”
Always sad to see less humor in the world. But,
you gotta keep your politicians happy.
Twitter is effectively killing off a project in 30
countries that archives the deleted tweets of politicians and
diplomats — months after doing the same thing in the United States.
The Open State Foundation, which runs the
projects, said Twitter informed it over the weekend that it was
revoking access to its Application Programming Interface (API), which
allowed programmers to use the tool that automatically archives the
deleted tweets of politicians.
… The social media company did the same
thing to the U.S.-based Politwoops project run by the Sunlight
Foundation back in May. At the time, Twitter said the project
violated the company’s developer agreement related to privacy.
Perspective.
Mobile Messaging and Social Media 2015
by Sabrina I. Pacifici on Aug 24, 2015
Pew Report –
Mobile
Messaging and Social Media 2015 – August 19, 2015: “In
today’s world, people — particularly young people — are
continually finding and adapting new
ways of communicating electronically to fit their needs.
Case in point: 2015 marks the first time Pew Research Center has
asked specifically about mobile messaging apps as a separate kind of
mobile activity apart from cell phone texting. And already,
according to a new survey, 36%
of smartphone owners report using messaging apps such as WhatsApp,
Kik or iMessage, and 17%
use apps that automatically delete sent messages such as Snapchat or
Wickr. Both of these kinds of apps are particularly popular
among young adults. Half (49%) of smartphone owners ages 18 to 29
use messaging apps, while 41% use apps that automatically delete sent
messages. These apps are
free, and when connected to Wi-Fi, they do not use up SMS (Short
Messaging Service) or other data. Furthermore, they offer
a more private kind of social interaction than traditional social
media platforms such as Facebook or Twitter.”
(Related)
Tor Increasingly Used by Malicious Actors: IBM
IBM
Security’s X-Force Threat Intelligence report for the third quarter
of 2015 reveals that the Tor (The Onion Router) anonymity network is
increasingly leveraged for malicious purposes.
The
Tor network, created with support from the U.S. government, is often
used by journalists, activists, and whistleblowers to protect their
identities and their communications. However, the anonymity network
is also utilized by intelligence operatives, cybercriminals and other
malicious actors.
The
use of Tor for malicious purposes has increased over the past period
with millions of malicious events originating from Tor exit nodes
every year. According to IBM, roughly 180,000 malicious events
originated from United States exit nodes between January 1 and May
10, 2015. A large number of malicious events were also traced in
this period to exit nodes in the Netherlands (150,000), Romania
(80,000), France (60,000), Luxembourg (55,000), and Uruguay (53,000).
It’s worth noting that the Netherlands and the United States
account for the largest number of exit nodes.
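The kind of correlation behind IBM's exit-node numbers, as an added example that is not from the X-Force report or from IBM: match web-server access-log lines against a list of known Tor exit addresses and tally the hits per exit country. The exit inventory, its country codes and the log lines are all constructed here (RFC 5737 documentation addresses); in real use the addresses would come from the exit list the Tor Project publishes and the countries from a GeoIP lookup, both of which this script assumes rather than fetches.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed exit-node inventory: address -> country code. Assumption: a real
# deployment fills this from the Tor Project's published exit list plus GeoIP.
EXIT_NODES = {
    "192.0.2.10": "US",
    "192.0.2.11": "US",
    "198.51.100.5": "NL",
    "203.0.113.7": "RO",
}

# Constructed access-log lines in the common "combined" format; the last line
# is deliberately malformed to show that parse failures are skipped.
SAMPLE_LOG = """\
192.0.2.10 - - [10/May/2015:10:01:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.4 - - [10/May/2015:10:01:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.5 - - [10/May/2015:10:01:04 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/7.43"
192.0.2.11 - - [10/May/2015:10:01:05 +0000] "GET /admin HTTP/1.1" 403 0 "-" "python-requests/2.7"
203.0.113.7 - - [10/May/2015:10:01:06 +0000] "GET /wp-login.php HTTP/1.1" 404 0 "-" "-"
this line is not a log record
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ip_address(m["ip"])          # reject garbage in the client field
    except ValueError:
        return None
    parts = m["req"].split(" ")
    return {
        "ip": m["ip"],
        "ts": m["ts"],
        "method": parts[0],
        "path": parts[1] if len(parts) > 1 else "",
        "status": int(m["status"]),
    }

def tag_tor_events(log_text, exit_nodes=EXIT_NODES):
    """Keep only requests whose client address is a known exit node, tagged with its country."""
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        country = exit_nodes.get(rec["ip"])
        if country is not None:
            rec["exit_country"] = country
            events.append(rec)
    return events

def count_by_country(events):
    """Per-country tally of exit-node requests, the shape of IBM's breakdown."""
    return dict(Counter(e["exit_country"] for e in events))

def suspicious(events):
    """Exit-node requests that were refused or probed absent paths (status >= 400)."""
    return [e for e in events if e["status"] >= 400]

if __name__ == "__main__":
    evs = tag_tor_events(SAMPLE_LOG)
    print(count_by_country(evs))     # {'US': 2, 'NL': 1, 'RO': 1}
    for e in suspicious(evs):
        print(e["ts"], e["exit_country"], e["ip"], e["method"], e["path"], e["status"])
```

Traffic from an exit node is not malicious in itself (the article's journalists, activists and whistleblowers leave through the same exits), so the script tags and counts rather than blocks, and separately surfaces the refused or probing requests for an analyst to look at.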
… The
complete IBM X-Force Threat Intelligence report for Q3 2015, which
also
details ransomware-as-a-service
and vulnerability disclosures, is available for download
in PDF format.
For all my students.
http://sloanreview.mit.edu/article/participant-questions-from-the-recent-internet-of-things-webinar/
Participant Questions From the Recent “Internet of Things” Webinar
On
July 30th, 2015, we held a free, live webinar on “Managing Data in
the Age of the Internet of Things.” If you missed the webinar
live, the recorded version is available
for online viewing or download
the presentation (PDF).
For my 3D printing students. Coming soon to a smartphone near you!
MobileFusion: Research project turns regular mobile phone into 3D scanner
A new Microsoft Research project lets people
create high-quality 3D images in real time, using a regular mobile
phone, with about the same effort it takes to snap a picture or
capture a video.
"What this system effectively allows us to do
is to take something similar to a picture, but it's a full 3D
object," said Peter
Ondruska, a Ph.D. candidate at Oxford University who worked on
the project while he was an intern at Microsoft Research.
The researchers say the system, called
MobileFusion,
is better than other methods for 3D scanning with a mobile device
because it doesn't need any extra hardware, or even an Internet
connection, to work. That means scientists in remote locations or
hikers deep in the woods can capture their surroundings using a
regular cell phone without a Wi-Fi connection.
… The scans are high-quality enough to be used
for things like 3D printing and augmented reality video games.
… The researchers will present MobileFusion in
early October at the International
Symposium on Mixed and Augmented Reality.
… Currently, the researchers are working on
making sure the system works with all types of mobile devices,
including Windows Phone, Android and iPhone devices. Izadi said they
hope to eventually make it available to the general public in some
form, but there are no firm plans right now.